* ManagedServiceAccounts: Add a config option to disabled by default
* Update log in pkg/services/extsvcauth/registry/service.go
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Managed Service Accounts: Use AutoAssignOrgID
* Fix the IsExternalServiceAccount function
* Reassign service account role
* Account for AutoAssignOrg
* Update pkg/services/serviceaccounts/models.go
* Simplify IsExternalServiceAccount function
* Add tests
* Easier to understand test
* Revert small change
* Feature Flags: use FeatureToggles interface where possible
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* Replace TestFeatureToggles with existing WithFeatures
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
---------
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
* ExtSvcAccounts: Fix External Service Accounts Login check
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* Remove service accounts assignments and permissions on delete
* Fix first set of tests
* Fix second batch of tests
* Fix third batch of tests
---------
Co-authored-by: Karl Persson <kalle.persson@grafana.com>
* AuthN: Remove embedded oauth server
* Restore main
* go mod tidy
* Fix problem
* Remove permission intersection
* Fix test and lint
* Fix TestData test
* Revert to origin/main
* Update go.mod
* Update go.mod
* Update go.sum
* Add `isManaged` property to frontend model
* Remove enabled and token buttons for managed SA
* Replace trash icon for lock icon for managed SA
* Block the role picker for managed SA
* Filter SA list usiong the managed filter
* Rename external for managed
* Add only managed filter
* Toggle the enable buttons for managed sa
* Disable add token and delete token buttons
* Remove the edit name button
* Disable the Role picker for managed sa
* Hide the permissions section
* Add managed by row
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
* Add `isExternal` property to frontend model
* Remove enabled and token buttons for external SA
* Replace trash icon for lock icon for external SA
* Block the role picker for external SA
* Filter SA list using the external filter
* Add only external filter at backend
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Add interface verification compliance
* rework service account api to a provider
* wire the service accounts api
* rewire the implementation of sa srv for the proxy
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Disable plugin service account
* Revert extsvc injection
* handle plugin state changes
* Use isProxyEnabled
* Remove plugininteg changes
* Change update function to also work for mysql 😩
* Change test to also check no collateral update
* Update pkg/services/serviceaccounts/database/store_test.go
* Update pkg/services/serviceaccounts/database/store_test.go
* add FlagExternalServiceAccounts to proxy service
* add FlagExternalServiceAccounts value to tests
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* expand serviceaccount service interface
* implemet FakeServiceAccountService
* Replace SA service interface from api
* merge sa proxy tests with new fake service
* implement DeleteServiceAccountToken
* add test for DeleteServiceAccountToken
* AuthN: Add metrics to external service accounts management
* Add a new metric to count stored external service accounts
* Update variable names
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Add test to SearchOrgServiceAccounts
* Add feature flags checks before registering and using the metrics
---------
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Add proxy service template
* Replace SA srv with proxy for external SA srv
* Move service account prefix to a constant
* Prevent deletion from external service account
* Make SA validation a resusable function
* Add protection for creating service accounts
* Add protection when updating service accounts
* Add IsExternal field for service account
* Protect ext service account token generation
* Add verbose errors for form name or sa name
* add tests
* Add logs
* Adjusts tests
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
